On February 23, 2023, Lawrence General Hospital filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after learning that confidential patient information that had been entrusted to the company was leaked following a cybersecurity event. Based on the company’s official filing with the HHS-OCR, the incident resulted in an unauthorized party gaining access to consumers’ protected health information. After confirming that consumer data was leaked, Lawrence General began sending out data breach notification letters to the 76,371 individuals who were impacted by the recent data security incident.

If you received a data breach notification from Lawrence General Hospital, it is essential you understand what is at risk and what you can do about it. As we’ve previously reported, healthcare data breaches pose significant risks to patients, including the risk of identity theft and other frauds. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Lawrence General Hospital data breach, please see our recent piece on the topic here.

What We Know So Far About the Lawrence General Hospital Breach

The available information regarding the Lawrence General Hospital breach comes from the company’s filing with the HHS-OCR. However, the information provided on the HHS-OCR data breach portal is limited and is typically supplemented by the company reporting the breach. However, as of March 10, 2023, Lawrence General Hospital has not yet posted notice of the breach on its website or issued a press release describing what occurred.

However, because Lawrence General filed notice of the breach with the HHS-OCR, it is a fair assumption that the incident likely involved patients’ protected health information. This is because companies only need to report a breach to the HHS-OCR if an incident resulted in the protected health information of more than 500 people being compromised.

Protected health information, which is usually referred to as PHI, is any identifying information collected by healthcare providers during the course of treating a patient. For example, medical history information, demographic information, laboratory test results, mental health information and insurance information can all be considered protected health information. However, under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), health-related data is considered protected health information if it contains at least one identifier, such as a patient’s name, address, Social Security number, medical record number or biometric data.

On February 23, 2023, Lawrence General Hospital sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the HHS-OCR, the Lawrence General data breach affected the private information of 76,371 individuals.

More Information About Lawrence General Hospital

Founded in 1875, Lawrence General Hospital is a private, non-profit hospital located in Lawrence, Massachusetts. Lawrence General serves patients throughout the Merrimack Valley and southern New Hampshire, providing them with a range of services. Lawrence General Hospital has 189 beds, and the facility’s emergency room operates as a Level III trauma center. Lawrence General Hospital employs more than 1,979 people and generates approximately $281 million in annual revenue.